Mailing List Archive

SA-Update cronjob output rejected by ISP for containing spam
I'm not sure how to exactly word the problem so the subject is the best
I can do for now. Whenever a cronjob is run a message is sent out via
postfix to me with the contents of that cronjob. This morning when the
SA-Update cronjob was run I didn't receive the output back (this has
been going on since 7 June but that's another story). I looked at my
syslog and saw this:

https://pastebin.com/hHR0Rvii

Since I can't see the debug output of SA-Update I have no idea what
CenturyLink's spam filter hit on. I looked back through a week's worth of
syslogs and this is the only time that the message was rejected for
containing spam. Any ideas what was in the latest rule updates to cause
this?


--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
11:56:52 up 1 day, 18:07, 1 user, load average: 1.21, 0.70, 0.65
Description: Ubuntu 18.04.2 LTS, kernel 4.18.0-22-generic
Re: SA-Update cronjob output rejected by ISP for containing spam
Chris Pollock wrote on 2019-06-22 19:03:

> https://pastebin.com/hHR0Rvii

accepted and bounced ?

if yes fix that
Re: SA-Update cronjob output rejected by ISP for containing spam
On Sat, 22 Jun 2019, Chris Pollock wrote:

> I'm not sure how to exactly word the problem so the subject is the best
> I can do for now. Whenever a cronjob is run a message is sent out via
> postfix to me with the contents of that cronjob. This morning when the
> SA-Update cronjob was run I didn't receive the output back (this has
> been going on since 7 June but that's another story). I looked at my
> syslog and saw this:
>
> https://pastebin.com/hHR0Rvii
>
> Since I can't see the debug output of SA-Update I have no idea what
> CenturyLink's spam filter hit on. I looked back through a week's worth of
> syslogs and this is the only time that the message was rejected for
> containing spam. Any ideas what was in the latest rule updates to cause
> this?

Not without seeing the message itself. Is there any way for you to
pastebin a copy of the message that was sent?

Can you twiddle the aliasing so that the message is (temporarily, at
least) delivered to a local mailbox in addition to the regular recipients?

It's not *too* surprising that cron output would trip over spam filters,
as the output from shell processes can hit rules intended to detect
obfuscatory formatting or gibberish, and doesn't generally look like
English text.

As the message is being bounced by an ISP server, it's unlikely you will
be able to get trust defined. This is a hazard for using ISP mailboxes for
purposes like this.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The question of whether people should be allowed to harm themselves
is simple. They *must*. -- Charles Murray
-----------------------------------------------------------------------
814 days since the first commercial re-flight of an orbital booster (SpaceX)
Re: SA-Update cronjob output rejected by ISP for containing spam
On Sat, 2019-06-22 at 10:29 -0700, John Hardin wrote:
> Not without seeing the message itself. Is there any way for you to
> pastebin a copy of the message that was sent?

Sorry John, it's been removed from the queue
>
> Can you twiddle the aliasing so that the message is (temporarily, at
> least) delivered to a local mailbox in addition to the regular
> recipients?

I've been trying to figure that out. What I have done is switch postfix
over to using my GMail account however I've run into a tiny roadblock.
I keep getting

localhost postfix/smtp[14383]: 893FD1000B19:
to=<cpollock@embarqmail.com>, relay=smtp.gmail.com[209.85.235.109]:587,
delay=0.48, delays=0.1/0.04/0.31/0.03, dsn=5.5.1, status=bounced (host
smtp.gmail.com[209.85.235.109] said: 530-5.5.1 Authentication Required.
Learn more at 530 5.5.1
https://support.google.com/mail/?p=WantAuthError k99sm2494546otk.12 -
gsmtp (in reply to MAIL FROM command))

And I can't for the life of me figure out why. I've gone over my
postfix main.cf and other files for the past 4hrs and still can't find
a problem with any of them.

--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
17:54:24 up 2 days, 4 min, 1 user, load average: 1.69, 1.46, 1.32
Description: Ubuntu 18.04.2 LTS, kernel 4.18.0-22-generic
Re: SA-Update cronjob output rejected by ISP for containing spam
On Sat, 22 Jun 2019, Chris Pollock wrote:

> I've been trying to figure that out. What I have done is switch postfix
> over to using my GMail account however I've run into a tiny roadblock.

How about delivery to a local mailbox?


--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
A good high-school education is still essential,
and college is where you go to get one. -- MiddleAgedKen
-----------------------------------------------------------------------
814 days since the first commercial re-flight of an orbital booster (SpaceX)
Re: SA-Update cronjob output rejected by ISP for containing spam
On Sat, 2019-06-22 at 16:10 -0700, John Hardin wrote:
> How about delivery to a local mailbox?
>
I'll have to work on doing that tomorrow John, burned out from messing
with this all day. It should be a lot easier than trying to figure out
the GMail problem.

>
--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
20:22:30 up 2 days, 2:32, 1 user, load average: 1.12, 1.04, 1.01
Description: Ubuntu 18.04.2 LTS, kernel 4.18.0-22-generic
Re: SA-Update cronjob output rejected by ISP for containing spam
On Sat, 2019-06-22 at 16:10 -0700, John Hardin wrote:
> How about delivery to a local mailbox?
>
Amazingly I've got it working. What fixed it was adding [] around
smtp.gmail.com in my sasl_passwd file. I just let sa-update run and the
postfix output is:

Jun 22 22:12:01 localhost CRON[13838]: (root) CMD (/usr/bin/sa-update -D --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt --gpgkey 6C6191E3 && /etc/init.d/spamassassin restart # --gpgkey E8B493D6 )
Jun 22 22:12:01 localhost postfix/pickup[11566]: C76F41000BA1: uid=0 from=<root>
Jun 22 22:12:01 localhost postfix/cleanup[13842]: C76F41000BA1: message-id=<20190623031201.C76F41000BA1@cpollock.localdomain>
Jun 22 22:12:01 localhost postfix/qmgr[11567]: C76F41000BA1: from=<chris.pollock1948@gmail.com>, size=5707, nrcpt=1 (queue active)
Jun 22 22:12:01 localhost postfix/local[13844]: C76F41000BA1: to=<root@cpollock.localdomain>, orig_to=<root>, relay=local, delay=0.13, delays=0.07/0.01/0/0.05, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -Y -a $DOMAIN)
Jun 22 22:12:01 localhost postfix/qmgr[11567]: C76F41000BA1: removed

So, it looks like to me in this case it's sending local, but I'm
probably wrong. However, the message hasn't made it to my cron folder
yet.

--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
22:16:17 up 2 days, 4:26, 1 user, load average: 1.37, 1.26, 1.33
Description: Ubuntu 18.04.2 LTS, kernel 4.18.0-22-generic
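
Added example, not part of the thread and not anyone's posted configuration: a shell check for the sasl_passwd fix described in the last message, following the Postfix SASL_README rule that a relayhost written with [ ] must use the same form as its key in the password map. The relayhost value, file contents and credentials are constructed placeholders, and the function names are hypothetical; it tests only that exact-form rule.

```shell
#!/bin/sh
# Added example: does sasl_passwd hold a key in the same form as relayhost?

# Print the relayhost value from a main.cf-style file (last assignment wins).
relayhost_of() {
    sed -n 's/^relayhost[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Return 0 if a non-comment line in file $2 has $1 as its first field.
has_sasl_key() {
    awk -v key="$1" '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        $1 == key      { found = 1 }     # exact string match, brackets and port included
        END            { exit (found ? 0 : 1) }
    ' "$2"
}

# Compare main.cf ($1) with sasl_passwd ($2) and report the result.
check_sasl_key() {
    rh=$(relayhost_of "$1")
    if [ -z "$rh" ]; then
        echo "no relayhost set in $1"
        return 2
    fi
    if has_sasl_key "$rh" "$2"; then
        echo "ok: sasl_passwd has a key for $rh"
        return 0
    fi
    echo "mismatch: no sasl_passwd key equals '$rh'"
    return 1
}

# Constructed sample files: the key without brackets, then with them.
demo() {
    d=$(mktemp -d) || return 1
    printf 'relayhost = [smtp.gmail.com]:587\nsmtp_sasl_auth_enable = yes\n' > "$d/main.cf"
    printf 'smtp.gmail.com:587 user@example.com:PLACEHOLDER\n' > "$d/before"
    printf '[smtp.gmail.com]:587 user@example.com:PLACEHOLDER\n' > "$d/after"
    check_sasl_key "$d/main.cf" "$d/before" || true
    check_sasl_key "$d/main.cf" "$d/after"
    rm -rf "$d"
}
demo
```

After editing the real sasl_passwd, the lookup table has to be rebuilt with `postmap` and Postfix reloaded before the change takes effect.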